IDS-DEC: A novel intrusion detection for CAN bus traffic based on deep embedded clustering

IF 5.8 2区 计算机科学 Q1 TELECOMMUNICATIONS
Jiahao Shi, Zhijun Xie, Li Dong, Xianliang Jiang, Xing Jin
{"title":"IDS-DEC: A novel intrusion detection for CAN bus traffic based on deep embedded clustering","authors":"Jiahao Shi,&nbsp;Zhijun Xie,&nbsp;Li Dong,&nbsp;Xianliang Jiang,&nbsp;Xing Jin","doi":"10.1016/j.vehcom.2024.100830","DOIUrl":null,"url":null,"abstract":"<div><p>As the automotive industry advances towards greater automation, the proliferation of electronic control units (ECUs) has led to a substantial increase in the connectivity of in-vehicle networks with the external environment. However, the widely used Controller Area Network (CAN), which serves as the standard for in-vehicle networks, lacks robust security features, such as authentication or encrypted information transmission. This poses a significant challenge to the security of these networks. Despite the availability of powerful intrusion detection methods based on machine learning and deep learning, there are notable limitations in terms of stability and accuracy in the absence of a supervised learning process with labeled data. To address this issue, this paper introduces a novel in-vehicle intrusion detection system, termed IDS-DEC. This system combines a spatiotemporal self-coder employing LSTM and CNN (LCAE) with an entropy-based deep embedding clustering. Specifically, our approach involves encoding in-vehicle network traffic into windowed messages using a stream builder, designed to adapt to high-frequency traffic. These messages are then fed into the LCAE to extract a low-dimensional nonlinear spatiotemporal mapping from the initially high-dimensional data. The resulting low-dimensional mapping is subjected to a dual constraint in conjunction with our entropy-based pure deep embedding clustering module. This creates a bidirectional learning objective, addressing the optimization problem and facilitating an end-to-end training pattern for our model to adapt to diverse attack environments. The effectiveness of IDS-DEC is validated using both the benchmark Car Hacking dataset and the Car Hacking-Attack &amp; Defense Challenge dataset. Experimental results demonstrate the model's high detection accuracy across various attacks, stabilizing at approximately 99% accuracy with a 0.5% false alarm rate. The F1 score also stabilizes at around 99%. In comparison with unsupervised methods based on deep stream clustering, LSTM-based self-encoder, and classification-based methods, IDS-DEC exhibits significant improvements across all performance metrics.</p></div>","PeriodicalId":54346,"journal":{"name":"Vehicular Communications","volume":null,"pages":null},"PeriodicalIF":5.8000,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vehicular Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214209624001050","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

As the automotive industry advances towards greater automation, the proliferation of electronic control units (ECUs) has led to a substantial increase in the connectivity of in-vehicle networks with the external environment. However, the widely used Controller Area Network (CAN), which serves as the standard for in-vehicle networks, lacks robust security features, such as authentication or encrypted information transmission. This poses a significant challenge to the security of these networks. Despite the availability of powerful intrusion detection methods based on machine learning and deep learning, there are notable limitations in terms of stability and accuracy in the absence of a supervised learning process with labeled data. To address this issue, this paper introduces a novel in-vehicle intrusion detection system, termed IDS-DEC. This system combines a spatiotemporal self-coder employing LSTM and CNN (LCAE) with an entropy-based deep embedding clustering. Specifically, our approach involves encoding in-vehicle network traffic into windowed messages using a stream builder, designed to adapt to high-frequency traffic. These messages are then fed into the LCAE to extract a low-dimensional nonlinear spatiotemporal mapping from the initially high-dimensional data. The resulting low-dimensional mapping is subjected to a dual constraint in conjunction with our entropy-based pure deep embedding clustering module. This creates a bidirectional learning objective, addressing the optimization problem and facilitating an end-to-end training pattern for our model to adapt to diverse attack environments. The effectiveness of IDS-DEC is validated using both the benchmark Car Hacking dataset and the Car Hacking-Attack & Defense Challenge dataset. Experimental results demonstrate the model's high detection accuracy across various attacks, stabilizing at approximately 99% accuracy with a 0.5% false alarm rate. The F1 score also stabilizes at around 99%. In comparison with unsupervised methods based on deep stream clustering, LSTM-based self-encoder, and classification-based methods, IDS-DEC exhibits significant improvements across all performance metrics.

IDS-DEC:基于深度嵌入式聚类的新型 CAN 总线流量入侵检测器
随着汽车行业向更高自动化水平迈进,电子控制单元(ECU)的激增导致车载网络与外部环境的连接大幅增加。然而,作为车载网络标准而广泛使用的控制器局域网(CAN)却缺乏强大的安全功能,如身份验证或加密信息传输。这给这些网络的安全性带来了巨大挑战。尽管基于机器学习和深度学习的入侵检测方法功能强大,但在缺乏标注数据监督学习过程的情况下,其稳定性和准确性存在明显的局限性。为解决这一问题,本文介绍了一种新型车载入侵检测系统,称为 IDS-DEC。该系统将采用 LSTM 和 CNN(LCAE)的时空自编码器与基于熵的深度嵌入聚类相结合。具体来说,我们的方法是使用流生成器将车载网络流量编码为窗口信息,以适应高频流量。然后将这些信息输入 LCAE,从最初的高维数据中提取低维非线性时空映射。由此产生的低维映射与我们基于熵的纯深度嵌入聚类模块一起受到双重约束。这就创造了一个双向学习目标,解决了优化问题,并为我们的模型提供了端到端的训练模式,以适应不同的攻击环境。IDS-DEC 的有效性通过基准 "汽车黑客攻击 "数据集和 "汽车黑客攻击& 防御挑战 "数据集进行了验证。实验结果表明,该模型对各种攻击的检测准确率很高,准确率稳定在 99% 左右,误报率为 0.5%。F1 分数也稳定在 99% 左右。与基于深度流聚类的无监督方法、基于 LSTM 的自编码器和基于分类的方法相比,IDS-DEC 在所有性能指标上都有显著提高。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Vehicular Communications
Vehicular Communications Engineering-Electrical and Electronic Engineering
CiteScore
12.70
自引率
10.40%
发文量
88
审稿时长
62 days
期刊介绍: Vehicular communications is a growing area of communications between vehicles and including roadside communication infrastructure. Advances in wireless communications are making possible sharing of information through real time communications between vehicles and infrastructure. This has led to applications to increase safety of vehicles and communication between passengers and the Internet. Standardization efforts on vehicular communication are also underway to make vehicular transportation safer, greener and easier. The aim of the journal is to publish high quality peer–reviewed papers in the area of vehicular communications. The scope encompasses all types of communications involving vehicles, including vehicle–to–vehicle and vehicle–to–infrastructure. The scope includes (but not limited to) the following topics related to vehicular communications: Vehicle to vehicle and vehicle to infrastructure communications Channel modelling, modulating and coding Congestion Control and scalability issues Protocol design, testing and verification Routing in vehicular networks Security issues and countermeasures Deployment and field testing Reducing energy consumption and enhancing safety of vehicles Wireless in–car networks Data collection and dissemination methods Mobility and handover issues Safety and driver assistance applications UAV Underwater communications Autonomous cooperative driving Social networks Internet of vehicles Standardization of protocols.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信